What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Oracle

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with . . . Read more

Xerox DocuShare Bugs Allowed Data Leaks

CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive . . . Read more

Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info. ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale (PoS) solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking . . . Read more

Oracle Solaris Zero-Day Attack Revealed

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw. A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that . . . Read more

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit. Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable . . . Read more

Oracle Kills 402 Bugs in Massive October Patch Update

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

TikTok Launches Bug Bounty Program Amid Security Snafus

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.